Emphasizes the need for visibility, containment and information sharing, calls for increased industry support to strengthen the security of open source software
CAMBRIDGE, Mass., January 13, 2022 /PRNewswire/ —
Government and industry should prioritize investments in tools and technologies that can help increase the visibility of open source usage, best achieved through automated tools.
Supports strong private-public ownership and vulnerability management for designated critical open source libraries.
Calls for improved information sharing between government, industry and business.
Akamai Technologies, Inc. (NASDAQ: AKAM), the world’s most trusted solution for powering and protecting digital experiences, participated in the White House Open Source Software Security Summit today and released the following statement:
Akamai was pleased to participate in the White House Open Source Software Security Summit today and appreciated the opportunity to share our perspective and recommendations on this important topic. Improving the security of open source software is vital, as it is essential for the Internet ecosystem. However, the ability to quickly contain the impact of a vulnerability once it is discovered is equally important. This meeting was particularly timely, given the recent detection of the Log4j vulnerability. We commend the administration’s proactive leadership in addressing this important issue which, if left unchecked, can have significant negative impacts for both government and the private sector.
Akamai says companies need to invest time and resources in open source software to ensure continuous innovation and security. Akamai has a long history of working with the open source community and contributing to open standards. This includes work with the Internet Engineering Task Force (IETF), World Wide Web Consortium (W3C), Internet Security Research Group (ISRG), OpenSSL, and the Linux kernel. We are evaluating how we can expand these commitments this year.
Akamai champions the following five pillars through ongoing partnership with our customers, many of whom are leaders in their respective industries, and in collaboration with the White House, the National Security Council, and the broader technology community:
Increase visibility on reliance on open source technologies — many companies are unfamiliar with the open source code that lives in their environment. Only by gaining visibility into the network and its code stack can we reliably address security breaches when they occur. Log4j was a black swan event, but serves as a powerful reminder that government and the private sector must prioritize investments in tools and technologies.
Identify key open source libraries and support strong vulnerability ownership and management – Threat actors comb open source libraries for vulnerabilities like Log4j. The tech community must lend support – through active project participation and financial investment – to the open source communities we depend on.
Develop reliable containment plans when exploits are identified — We are never going to eliminate vulnerabilities, so it is essential that we have effective containment policies in place to help protect businesses and consumers. We can achieve this through actionable reporting processes and supporting technology solutions.
Improve information sharing between governments and industry when vulnerabilities are first identified — the more attention we can draw to a problem, the faster the problem can be solved. By creating an information-sharing community of trusted security vendors, we can ensure that vulnerabilities are patched and patches are released faster at scale.
Extend government authorization of solutions to increase defenses — Adversaries are changing rapidly and government must be nimble to ensure its defenses can protect important government systems and key infrastructure. In some cases, emergency authorization of technology from trusted vendors would enable rapid implementation of solutions not yet FedRAMP-certified to rapidly activate protection against new threats.
Akamai powers and protects life online. The world’s most innovative companies choose Akamai to secure and deliver their digital experiences, helping billions of people live, work and play every day. With the world’s largest and most trusted edge platform, Akamai keeps apps, code, and experiences closer to users, and threats further away. To learn more about Akamai’s security, content delivery, and edge computing products and services, visit www.akamai.com and blogs.akamai.com, or follow Akamai Technologies on Twitter and LinkedIn.
See original content to download multimedia: https://www.prnewswire.com/news-releases/akamai-comments-on-national-security-council-and-white-house-open-source-software-security-summit -301460914.html
SOURCEAkamai Technologies, Inc.